What version of Codex is running?
codex-cli 0.92.0
What subscription do you have?
chatgpt plus
Which model were you using?
gpt-5.2-codex
What platform is your computer?
Darwin 25.1.0 arm64 arm
What terminal emulator and version are you using (if applicable)?
wezterm
What issue are you seeing?
I encountered unexpected behavior where codex-cli executes git branch -d without requiring user confirmation, even though I am running in a Git Worktree + default rule.
I suspect this is a safety regression or a logic flaw in how the CLI handles Git Worktrees versus standard repositories.
What steps can reproduce the bug?
-
Create a git worktree: git worktree add ../my-feature-branch
-
Run codex-cli with the workdir set to this new worktree path.
-
Ask the CLI to delete a branch (e.g., git branch -d some-feature).
Observed: The command runs immediately without an approval prompt.
Note: I don't have any pre-approved command in my default.rule file
What is the expected behavior?
The CLI should pause and ask for confirmation (Decision: "deny" or "prompt"), especially since this is a destructive operation.
Additional information
No response
What version of Codex is running?
codex-cli 0.92.0
What subscription do you have?
chatgpt plus
Which model were you using?
gpt-5.2-codex
What platform is your computer?
Darwin 25.1.0 arm64 arm
What terminal emulator and version are you using (if applicable)?
wezterm
What issue are you seeing?
I encountered unexpected behavior where codex-cli executes git branch -d without requiring user confirmation, even though I am running in a Git Worktree + default rule.
I suspect this is a safety regression or a logic flaw in how the CLI handles Git Worktrees versus standard repositories.
What steps can reproduce the bug?
Create a git worktree: git worktree add ../my-feature-branch
Run codex-cli with the workdir set to this new worktree path.
Ask the CLI to delete a branch (e.g., git branch -d some-feature).
Observed: The command runs immediately without an approval prompt.
Note: I don't have any pre-approved command in my default.rule file
What is the expected behavior?
The CLI should pause and ask for confirmation (Decision: "deny" or "prompt"), especially since this is a destructive operation.
Additional information
No response